As we enter these unprecedented times, please be careful to ensure that data protection does not take a back seat when it comes to changing our working practices and dealing with data protection issues in general. The Information Commissioner’s Office (ICO) have released a useful list of FAQ’s many of which will apply to Managing Trustees. One overarching piece of advice from the ICO is as follows:
“We know you might need to share information quickly or adapt the way you work. Data protection will not stop you doing that. It’s about being proportionate - if something feels excessive from the public’s point of view, then it probably is.”
Please remember:
- Be Proportionate:
Remember the purposes for which information was collected about an individual and do not use this information for purposes that are not absolutely necessary. - Destroy information when no longer required:
It is recognised that Managing Trustees may be holding information about individuals that they would not normally hold, such as who is self-isolating and why. Managing Trustees must not keep this information longer than necessary e.g. after the immediate crisis subsides. - Security matters:
Whilst we must now work from home wherever possible, Managing Trustees must ensure that people have the appropriate security measures on their electronic equipment etc. Refer to the following policies / Articles:
Remember that the security measures that may be appropriate to one group of Managing Trustees may be different to another. Consider what you can do and what is reasonable and appropriate.
- Compliance with individuals rights:
Individuals still have the right to exercise their ‘rights’ under current data protection legislation (see Section C of the GDPR Guidance Note). It is recognised by TMCP and the ICO that this may be difficult to comply with within the statutory timescales. However, Managing Trustees must do what they can to comply and maintain access to as many files, whether paper or electronic, as possible. COVID-19 may make compliance with the timescales more difficult but it cannot be used as an excuse to ignore requests or delay unnecessarily. Managing Trustees will be anxious to be able to show what they have done to try and comply, what difficulties they have faced that have forced delay and how this has been minimised.
Any request received exercising these rights must be forwarded to TMCP immediately.
District Data Champions must help the Methodist Church continue its Mission whilst at the same time ensure that this work continues to comply with data protection legislation. For those Districts that do not currently have District Data Champions, we urge those Districts to appoint people into this important role. Managing Trustees face uncertain times in the coming weeks because of COVID-19 and it is hoped that this guidance will assist in clarifying their continuing data protection responsibilities and where to continue receiving the support and help they need.
TMCP will shortly be releasing an annual Checklist to assist District Data Champions help Managing Trustees comply with the ‘Accountability’ principle and their normal data protection responsibilities.
Finally:
Information on the Coronavirus (COVID-19) is being published and updated on a daily basis. With that comes a lot of misinformation which is being shared through various social media platforms. At this time, it is important that Managing Trustees listen to, understand and adhere to official Government advice and that of other organisations such as the NHS and World Health Organisations. Links to advice from the following organisations have been added as “External Links” accessible from the COVID-19 page and the page itself:
- Guidance from the Methodist Church Connexional Team;
- The World Health Organisation;
- The NHS;
- The UK Government;
- The ICO; and
- The Charity Commission
If Managing Trustees have any queries then please contact TMCP (dataprotection@tmcp.org.uk) for further assistance regarding general data protection matters and the Conference Office for queries specifically relating to safeguarding or complaints and discipline matters (dataprotection@methodistchurch.org.uk).